-
Notifications
You must be signed in to change notification settings - Fork 5.8k
81 lines (72 loc) · 3.24 KB
/
Copy pathspec-gen-sdk-status.yaml
File metadata and controls
81 lines (72 loc) · 3.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
name: "SDK Validation Status"
on:
check_run:
types: [completed]
# Azure DevOps pipelines (which report the "SDK Validation" check runs) do not re-trigger when a
# PR is reopened, so the "check_run" event alone would never refresh the status. Re-evaluate the
# existing check runs on reopen using pull_request_target (privileged, runs in the target branch).
pull_request_target:
types: [reopened]
permissions:
contents: read
checks: read
statuses: write
id-token: write
jobs:
sdk-validation-status:
if: |
github.event_name == 'pull_request_target' ||
(github.event.check_run.check_suite.app.name == 'Azure Pipelines' &&
contains(github.event.check_run.name, 'SDK Validation'))
name: "SDK Validation Status"
runs-on: ubuntu-slim
steps:
# *** IMPORTANT ***
# For workflows that are triggered by the pull_request_target event, the workflow runs in the
# context of the base of the pull request. You should make sure that you do not check out,
# build, or run untrusted code from the head of the pull request.
- uses: actions/checkout@v6
with:
# Only needs .github folder for automation, not the files in the PR (analyzed in a
# separate workflow).
#
# Uses the .github folder from the PR base branch (pull_request_target trigger),
# or the repo default branch (other triggers).
sparse-checkout: |
.github
# Only run the login and get token steps when the repository is azure-rest-api-specs-pr
- if: github.event.repository.name == 'azure-rest-api-specs-pr'
name: Azure Login with Workload Identity Federation
uses: azure/login@v3
with:
client-id: "205398f1-715f-40a7-8d52-856097f28281"
tenant-id: "72f988bf-86f1-41af-91ab-2d7cd011db47"
allow-no-subscriptions: true
- if: github.event.repository.name == 'azure-rest-api-specs-pr'
name: Get ADO Token via Managed Identity
run: |
# Get token for Azure DevOps resource
ADO_TOKEN=$(az account get-access-token --resource "499b84ac-1321-427f-aa17-267ca6975798" --query "accessToken" -o tsv)
echo "ADO_TOKEN=$ADO_TOKEN" >> "$GITHUB_ENV"
- name: Install dependencies for github-script actions
uses: ./.github/actions/install-deps-github-script
- name: "SDK Validation Set Status"
id: sdk-validation-status
uses: actions/github-script@v8
with:
script: |
const setStatus =
(await import('${{ github.workspace }}/.github/workflows/src/spec-gen-sdk-status.js')).default;
return await setStatus({ github, context, core });
- if: ${{ always() && steps.sdk-validation-status.outputs.head_sha }}
name: Upload artifact with head SHA
uses: ./.github/actions/add-empty-artifact
with:
name: head-sha
value: ${{ steps.sdk-validation-status.outputs.head_sha }}
- if: ${{ always() && steps.sdk-validation-status.outputs.issue_number }}
name: Upload artifact with issue number
uses: ./.github/actions/add-empty-artifact
with:
name: issue-number
value: ${{ steps.sdk-validation-status.outputs.issue_number }}